Friday, February 20, 2009

Preview of Decurity’s New Enterprise SIEM Subscription Service

The Decurity team has been incredibly busy over the last few months cooking up new and more cost-effective ways to support our mantra of “keeping security simple”. We’re getting ready to introduce a “game changer” for our Log Management and SIEM customers. Our newest offering will be fully described in the coming days, but here is a preview of the new subscription services Decurity is offering to our clients.

Simplified overview of the O&M problems most SIEM customers face:
1. Today, many SIEM customers have 2 or more Full Time Engineers (FTEs) supporting, managing or otherwise dedicated to their SIEM and still find themselves using only a small percentage of the SIEM’s real potential.
2. Many customers know that there is more they can “do” with the SIEM but simply can’t get there from where they currently stand. Frustration continually builds up.
3. Most customers simply don’t know where to go next after the initial implementation or consulting engagement.
4. Hiring the best SIEM experts is really, really expensive, especially when you factor in all of the downtime caused by change control or other mission-critical tasks that pop up and waste valuable time.

Simplified solution overview:
1. Decurity will help ensure you purchase the right tool for your needs and ensure the tools are configured optimally for the long-haul.
2. Decurity will provide pre-packaged and custom-built content delivered to you on a recurring basis to help expand your usage of the SIEM and extract the most possible value from the tool.
3. Decurity is there for the long-term, working to understand your changing needs and using our expertise to help guide your efforts accordingly.
4. Decurity leverages the most experienced SIEM team in the industry to deliver these services in a very cost-effective manner.

A little more detail about what is included in our Enterprise SIEM Subscription Service:

Decurity can help during all phases of your SIEM deployment. Decurity will work with you to define the requirements, guide you through vendor selection, architect the solution, and implement or expand on your existing infrastructure. We partner with you to ensure you receive the best possible advice throughout the lifecycle of your SIEM deployment.

Quarterly SIEM Healthchecks:
As part of this service offering, on a quarterly basis Decurity will work with your team to ensure your SIEM is performing at its optimal capacity. Typically, much of this work can be accomplished remotely, further reducing your team’s time and cost commitments. We’ll quickly identify any issues, offer remediation plans and help you implement any necessary changes.

SIEM Content Updates:
Our experts will develop SIEM content to help your analysts more accurately focus on the “Events of Interest” for your organization. Our solutions are categorized by Event Source and/or by Problem-Set to help you better understand which content will add value to your environment. Solutions will be updated on a recurring basis (daily, weekly, etc.) as new Event Sources, Problem-Sets and Solutions are identified and/or refined.

Here are some examples of SIEM content we’ll update/refine for you:
• Active Lists: for example, Hot IPs and Domains. We maintain a list of Hot IPs and Domains that is updated daily (as necessary).
• Active Channels: Events of Interest, interesting analytical views
• Data Monitors / Dashboards: statistical analysis, performance measurements, security status dashboards
• Filters: reusable queries
• Reports / Queries / Trends: reports that focus on measuring success or providing “Actionable Intelligence”
• Correlation Rules: basic and advanced correlation relevant to the Problem-Set and customizable to meet your organization’s specific needs
• Workflow and Notifications
• Tools: integration of tools, macros and scripts
• Pattern Discovery (Profiles): (ArcSight only) by providing new and updated profiles based on Event Sources or Problem-Sets we’ll help you gain the most from this powerful tool!

Added Value:
As part of this offering, customers also have the opportunity to submit new Problem-Sets for us to solve: simply work with us through our support system to explain the problems you are trying to solve and we’ll help you develop customized solutions. Instead of investing in costly consulting engagements, you can leverage this service to create solutions.

Log Management and SIEM Integration Support:
We’ll help you most effectively use your Log Management and SIEM tools to complement and enhance the overall value of both solutions!
We’ll ensure that the data is intelligently processed, providing you with the information you need without killing your SIEM or overwhelming your team. From the Event Source, through the “collector”, into your Log Management solution and finally as it reaches your SIEM, we’ll work with you to ensure the right information is collected, stored, forwarded and analyzed, maximizing functionality and overall value while reducing storage and processing costs.

No matter where you stand with your SIEM deployment, Decurity’s Subscription Service will benefit you greatly. If you’re just getting started, we’ll save you the 2 years of frustration your peers enjoyed. If you’re more mature in your SIEM efforts, we can help ensure you’re really getting all the value you possibly can from your system. Our goal is to make this as simple as possible so that you can work on the output of the SIEM and take action to protect your enterprise. We’ll make the SIEM work FOR you!

Sales Information: We want to work with you to understand your needs and will be more than happy to schedule some time to talk more about how Decurity can help you with your SIEM and Log Management needs. Please send us an email at sales at decurity dot com with any questions you might have and we’ll get back to you (usually the same day).

About Decurity:
Decurity supports the Fortune 500 globally and many US Government customers on a true enterprise scale. We are focused solely on Security Operations, including the use of SIEM and Log Management solutions to enhance the Incident Response process. Our experts have been responsible for hundreds of Log Management and SIEM implementations across the world. We will do what it takes to make you successful!

The preceding has been a repost of my blog entry at:

Update 1 (23 Feb 2009) : Updated reference link:
The webpage offers additional explanation about the initial rollout of this service offering, which is centered on the ArcSight ESM and ArcSight Logger products. Future releases will offer support for products such as Splunk, Symantec SIM, RSA enVision, etc.